Computer Crime Research Center

Cybercrime: virus activity

Sophos, a world leader in protecting businesses against spam and viruses, has published a report revealing the top ten viruses and hoaxes causing problems for businesses around the world during the month of June 2005.

The report, compiled from Sophos's global network of monitoring stations, reveals that the Mytob family of variants has exploded into the chart, holding seven of the top ten positions and accounting for over 40% of the top ten threats reported to Sophos.

The top ten viruses in June 2005 were as follows: W32/Mytob-BE (12.6%), W32/Netsky-P (12.5%), W32/Mytob-AS (9.8%), W32/Mytob-EP (6.4%) and other modifications of Netsky, Mytob and Zafi.

"It seems that the more established virus families, such as Netsky and Zafi, are meeting their match," said Carole Theriault, security consultant at Sophos. "The Mytob-BE worm, in lead position this month, spreads via email and opens a backdoor on the infected computer, allowing unauthorised and remote users to access the PC's contents. It also attempts to block access to computer security websites, making it more difficult for the user to get information on disinfection."

"Considering the plethora of Mytob worms, it seems the authors seem intent on cracking the formula for a worm that can both bypass security measures and collate information," continued Theriault. "There is a lot of talk in the industry about mass-mailing worms dying off, but we are seeing no evidence of this. Although virus writers are looking at other routes into an organisation, such as the internet, they have certainly not given up on taking advantage of people opening unsolicited email attachments."

Sophos identified and protected against 1,434 new viruses in June. The total number of viruses Sophos now protects against is 106,218. Its research shows that 2.3%, or one in 43 emails, circulating during the month of June were viral - a decrease on the previous month.

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software and firewalls, and install the latest security patches.
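One way to express the gateway attachment policy recommended above, as an added example that is not from Sophos or the original article. The extension blocklist, the function names and the sample messages are assumptions made for illustration; the check covers renamed executables and executables inside ZIP archives as well as plain extensions.

```python
import email, io, os, zipfile
from email import policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the report does not list specific extensions.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}

def ext_of(name):
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    return os.path.splitext(name.rstrip(". ").lower())[1]

def zip_members(data):
    # Member names if the payload is a readable ZIP archive, otherwise nothing.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return z.namelist()
    except zipfile.BadZipFile:
        return []

def blocked_attachments(raw):
    """Return (filename, reason) for every part the gateway policy would block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        bad_inside = [m for m in zip_members(data) if ext_of(m) in BLOCKED_EXT]
        if ext_of(name) in BLOCKED_EXT:          # last extension decides
            hits.append((name, "blocked extension"))
        elif bad_inside:                         # executable hidden in an archive
            hits.append((name, "archive contains " + bad_inside[0]))
        elif data[:2] == b"MZ":                  # DOS/PE header under a harmless name
            hits.append((name, "executable header under another name"))
    return hits

def build_sample(filename, data):
    """Constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample("photo.jpg.scr", b"MZ\x90\x00")))
```

A gateway would quarantine or reject any message for which `blocked_attachments` returns a non-empty list.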

"The Hotmail hoax continues to be the most prevalent, increasing this month to more than 20% of all reported hoaxes," continued Theriault. "The best advice for hoaxes hasn't changed: avoid forwarding or responding to unsolicited emails. Instead, simply delete them to save your business's bandwidth from being gobbled up by this drivel."